Re: [saag] About the "Draft text for a PQ Maintenance WG"

Mike Prorock <mprorock@mesur.io> Fri, 25 March 2022 13:08 UTC

Return-Path: <mprorock@mesur.io>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B636B3A1222 for <saag@ietfa.amsl.com>; Fri, 25 Mar 2022 06:08:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mesur-io.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F8PVexwh2bkt for <saag@ietfa.amsl.com>; Fri, 25 Mar 2022 06:08:30 -0700 (PDT)
Received: from mail-ua1-x92f.google.com (mail-ua1-x92f.google.com [IPv6:2607:f8b0:4864:20::92f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61B3B3A0B72 for <saag@ietf.org>; Fri, 25 Mar 2022 06:08:30 -0700 (PDT)
Received: by mail-ua1-x92f.google.com with SMTP id 34so3300408uao.13 for <saag@ietf.org>; Fri, 25 Mar 2022 06:08:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mesur-io.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=NAvZVFKRtRRBhr0excataMXpuBTJUFdBIr86HBY8eF8=; b=tNxPqfHFTWLev6/W8SjAVCi3YWMOc7NUNcRKFPnO2RTKAZO75Vv2Ihq7bhdoJ5er/4 xdf5JgUPSFUNSqzfp0R0jsYZzLpiYY3Nh/yfV/NWwHqUSc1VCYZzL/MKtMUUHv6VFMPl C3+M6e1/ng7KPoVMDrR3xIaZXkTxJT7TQF7Fozy48RyocjoVstE+3wrUzZ5AQRaWzF7d xP2fxM9gYrGJweIjrIoeej+YyflvSBFFt2HPMREAPZMy4zPHRE8uocv2V41jn9NOmXz9 3EE8VXLUV777HCQ8H655sKPw5cNXjJNvSOogIK6vvsQWdW622tSZWV7OS65aQ8eABUX8 asYA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=NAvZVFKRtRRBhr0excataMXpuBTJUFdBIr86HBY8eF8=; b=rc4fCc6wGKFry2uvB0LxFDWkEbWYPpg1k3vLqy53zhFniSNpy4iCHZzJC40sD93mJM KadAgM/rFImVxFfow1KHLBOaxuTPMNjOv0SMUfDcyPH5rQFapda6DdgK8o0Z5vkNaPCs AfyLob877CgywhXBRTAKy70lY6AOqyhHjo4ZLRoZY3F6ygk9Y4N2lSD5ypZKS6C45s69 IV5XplRY+Qg4IuYcm08Y5EEW6rFZX/OeYGK1ztdcfCbmzqdS+9BMdLj+XQ/ZS/4KvdOK tve7jbplM7fo/jCKMOdBtg/ckZhz+HF1N8xAqYqqeY9hNCHgapMttNi6G02crvNYmwPS 79oA==
X-Gm-Message-State: AOAM533O0l00UjEL5nqDi5dasV0EWOtdkfEsybk7NuUG5oQg+HsfUrUv 1dkThG/oVWaJCnafnEg34wKQ6MNAxyZtKfmFQ9yQwazOog==
X-Google-Smtp-Source: ABdhPJx85OA/ZmD0m5EQkp0hwlGvJ1woonD/9jpV3hrjybdwbsjIWOkpELlLppLKYok/kuSJ5obX/OX+rCi4SOBgmjo=
X-Received: by 2002:a9f:3b2e:0:b0:347:33ae:e5e4 with SMTP id i46-20020a9f3b2e000000b0034733aee5e4mr4574995uah.49.1648213708743; Fri, 25 Mar 2022 06:08:28 -0700 (PDT)
MIME-Version: 1.0
References: <66A20135-5437-43E4-9F74-AE1D1FDB3A59@gmail.com> <DM3P110MB053881D653F826CE81524E8BDCF29@dm3p110mb0538.namp110.prod.outlook.com> <02E8D61E-D96B-4520-A781-4EB43014BFB8@gmail.com> <DM3P110MB053869F08FD5E90EF139E564DCF29@dm3p110mb0538.namp110.prod.outlook.com> <b85947cd235d4cfc802f6a3ef4ef5cac@ex13d01anc003.ant.amazon.com> <b22f2d2780844ef8bc422be316eecbdf@ex13d01anc003.ant.amazon.com> <emc6e5db6a-3afb-455b-ab43-6759d1adb936@desktop-8g465ua> <66F981E1-05BB-4B4D-8DE4-006023094F15@akamai.com> <24a7328bd1814769a6f47ae00f682be3@EX13D01ANC003.ant.amazon.com> <BN1P110MB093995115D31A8FD3ECBFC72DCA99@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM> <SA0PR09MB6524C8D19FE6FC543D420981A9B89@SA0PR09MB6524.namprd09.prod.outlook.com> <16dae1e5137a48079d976bcb93185925@EX13D01ANC003.ant.amazon.com> <BN2P110MB1107657E8951BFA1DC129E15DC189@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <BLAPR09MB7249821528692CB569FC7CFDFC1A9@BLAPR09MB7249.namprd09.prod.outlook.com>
In-Reply-To: <BLAPR09MB7249821528692CB569FC7CFDFC1A9@BLAPR09MB7249.namprd09.prod.outlook.com>
From: Mike Prorock <mprorock@mesur.io>
Date: Fri, 25 Mar 2022 09:08:17 -0400
Message-ID: <CAGJKSNR480GepWzMZHAj8OC7FbtPdY12BmcQBUExd6ujGN5q=A@mail.gmail.com>
To: Rebecca Guthrie <rmguthr=40uwe.nsa.gov@dmarc.ietf.org>
Cc: Roman Danyliw <rdd@cert.org>, "saag@ietf.org" <saag@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000009fb87705db0aa8f8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Aas3w-Emn0UK1sWzxj7QAyywSas>
Subject: Re: [saag] About the "Draft text for a PQ Maintenance WG"
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Mar 2022 13:08:36 -0000

Email crossed - yes, thank you Rebecca - we are actively working on the PQC
Signature side of things with some great support from a variety of
parties.  Getting a defined list as this is an evolving space would be
great.

Mike Prorock
CTO, Founder
https://mesur.io/



On Fri, Mar 25, 2022 at 7:19 AM Rebecca Guthrie <rmguthr=
40uwe.nsa.gov@dmarc.ietf.org> wrote:

> Hi Roman,
>
> Thank you for keeping track of the PQ work in IETF (and thanks to Panos
> for reviving this topic)! Is the PQ activity list something that others are
> able to update? There is a draft, JSON Encoding for PQ Signatures
> (draft-prorock-cose-post-quantum-signatures-00), and another newly-uploaded
> draft, draft-guthrie-ipsecme-ikev2-hybrid-auth, that can be added to the
> list.
>
> Also- though it is still being worked out which protocols are in the scope
> of the proposed PQ Agility WG charter, could it be helpful to establish a
> separate mail-list, as a place to begin these conversations?
>
> Rebecca
>
> -----Original Message-----
> From: saag <saag-bounces@ietf.org> On Behalf Of Roman Danyliw
> Sent: Wednesday, March 23, 2022 8:02 AM
> To: Kampanakis, Panos <kpanos@amazon.com>om>; saag@ietf.org
> Subject: Re: [saag] About the "Draft text for a PQ Maintenance WG"
>
> Hi Panos!
>
> No updates.  While there is concrete charter text describing the mechanics
> of how such a hypothetical WG would operate, it doesn't describe what
> protocols would be in scope for the initial body of work.  Progress is
> blocked pending identification of such initial milestones (i.e., what
> protocols need a PQC re-design but don't have an existing WG to address it).
>
> Feedback continues to be welcome on this list (saag@ietf).  I've been
> trying to keep a running summary of the PQC work in the IETF at
> https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftrac.ietf.org%2Ftrac%2Fsec%2Fwiki%2FPQCAgility&amp;data=04%7C01%7Crmguthr%40uwe.nsa.gov%7C654932872ddc4f843f7808da0cc51cae%7Cd61e9a6ffc164f848a3e6eeff33e136b%7C0%7C0%7C637836337995913584%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=AoUcD0vWmShCxinFoJRzqq8Mr5z9aIAycqchpMKiIj4%3D&amp;reserved=0
> .
>
> Regards,
> Roman
>
> > -----Original Message-----
> > From: Kampanakis, Panos <kpanos@amazon.com>
> > Sent: Tuesday, January 25, 2022 11:08 PM
> > To: saag@ietf.org
> > Cc: Roman Danyliw <rdd@cert.org>rg>; Benjamin Kaduk <kaduk@mit.edu>
> > Subject: RE: [saag] Re: About the "Draft text for a PQ Maintenance WG"
> >
> > Hi Roman, Ben,
> >
> > Just resurrecting this thread from a few months back.
> >
> > Do you know if there will be any updates or progress on this new WG by
> > IETF- 113?
> >
> > Thanks,
> > Panos
> >
> >
> > -----Original Message-----
> > From: saag <saag-bounces@ietf.org> On Behalf Of Sheehe, Charles J.
> > (GRC-
> > LCN0)
> > Sent: Thursday, October 14, 2021 8:19 AM
> > To: saag@ietf.org
> > Subject: RE: [EXTERNAL] [saag] [EXTERNAL] Re: About the "Draft text
> > for a PQ Maintenance WG"
> >
> > CAUTION: This email originated from outside of the organization. Do
> > not click links or open attachments unless you can confirm the sender
> > and know the content is safe.
> >
> >
> >
> > Hi
> >
> > I think the charter looks fine.
> >
> > Thanks
> > Chuck
> >
> > Charles J. Sheehe III
> > Computer Engineer
> > Secure Networks, System
> > Integration and Test Branch (LCN)
> > Glenn Research Center
> > 21000 Brookpark Rd
> > Cleveland, OH 44135
> > Charles.J.Sheehe@NASA.GOV Email
> > Charles.J.Sheehe@NSS.SGov.Gov SIPRmail
> > Office: 216-433-5179
> >      It is not the critic who counts; not the man who points out how
> > the strong man stumbles, or where the doer of deeds could have done them
> better.
> >
> >     The credit belongs to the man who is actually in the arena, whose
> > face is marred by dust and sweat and blood; who strives valiantly; who
> > errs, who comes short again and again, because there is no effort
> > without error and shortcoming; but who does actually strive to do the
> > deeds; who knows great enthusiasms, the great devotions; who spends
> > himself in a worthy cause; who at the best knows in the end the
> > triumph of high achievement, and who at the worst, if he fails, at
> > least fails while daring greatly, so that his place shall never be with
> those cold and timid souls who neither know victory nor defeat.
> > Theodore Roosevelt
> >
> > -----Original Message-----
> > From: saag <saag-bounces@ietf.org> On Behalf Of Roman Danyliw
> > Sent: Wednesday, September 29, 2021 2:23 PM
> > To: Kampanakis, Panos <kpanos@amazon.com>om>; Salz, Rich
> > <rsalz=40akamai.com@dmarc.ietf.org>rg>; Benjamin Kaduk <kaduk@mit.edu>du>;
> > saag@ietf.org
> > Subject: [EXTERNAL] Re: [saag] About the "Draft text for a PQ
> > Maintenance WG"
> >
> > Hi!
> >
> >
> >
> > We've heard this confusion on using the "maintenance" short hand to
> > characterize this potential body of work.  The intent was what Panos
> > described
> > - a short hand where the "maintenance" was on existing IETF protocol
> > to allow it to benefit from PQC mechanisms.
> >
> >
> >
> > The proposed, templated charter language more precisely captures the
> > intent -- "The [Planned WG Name] working group ([Planned WG Acronym])
> > is chartered as a WG to analyze, adapt or update IETF protocols,
> > registries, and associated code points with PQ cryptographic mechanisms."
> > (https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit
> > hub.com%2Frdanyliw%2Fietf-pq-maintenance%2Fblob%2Fmain%2Fpqm-charter.m
> > d&amp;data=04%7C01%7Crmguthr%40uwe.nsa.gov%7C654932872ddc4f843f7808da0
> > cc51cae%7Cd61e9a6ffc164f848a3e6eeff33e136b%7C0%7C0%7C63783633799591358
> > 4%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6
> > Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=qmZgx%2BJWwcrKtqD7fwcL2lK43UQa
> > 5K0dPkZYl0n2ZGo%3D&amp;reserved=0
> > <
> https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> > com%2Frdanyliw%2Fietf-pq-maintenance%2Fblob%2Fmain%2Fpqm-
> > charter.md&data=04%7C01%7CCharles.J.Sheehe%40nasa.gov%7Cd092f22f99e
> > c48fe1a1a08d983764e40%7C7005d45845be48ae8140d43da96dd17b%7C0%7
> > C0%7C637685366837666194%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4w
> > LjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdat
> > a=mJG8R%2FPW8OcWxEdkDGyJ1P0DxvUhWd2XODuf55oYDSM%3D&reserved
> > =0> ).  I've removed "PQ maintenance" from the header of the templated
> > charter.  It now reads "PQC Agility WG".  The term didn't appear in
> > the charter text itself.  However, to eliminate all possible c
> > onfusion I also the one instance of maintenance by s/protocol
> maintenance/protocol changes/.
> >
> >
> >
> > Roman
> >
> >
> >
> > From: Kampanakis, Panos <kpanos@amazon.com>
> > Sent: Wednesday, September 29, 2021 12:53 PM
> > To: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>rg>; Roman Danyliw
> > <rdd@cert.org>rg>; Benjamin Kaduk <kaduk@mit.edu>du>; saag@ietf.org
> > Subject: RE: [saag] About the "Draft text for a PQ Maintenance WG"
> >
> >
> >
> > Maybe maintenance is the wrong word, but the point is to have a WG for
> > orphaned (without a WG) protocols like CURDLE was for Curve25519/448.
> >
> >
> >
> > From: saag <saag-bounces@ietf.org <mailto:saag-bounces@ietf.org> > On
> > Behalf Of Salz, Rich
> > Sent: Wednesday, September 29, 2021 12:41 PM
> > To: Ludovic Perret <ludovic.perret@cryptonext-security.com
> > <mailto:ludovic.perret@cryptonext-security.com> >; Roman Danyliw
> > <rdd@cert.org <mailto:rdd@cert.org> >; Benjamin Kaduk <kaduk@mit.edu
> > <mailto:kaduk@mit.edu> >; saag@ietf.org <mailto:saag@ietf.org>
> > Cc: Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org
> > <mailto:kpanos=40amazon.com@dmarc.ietf.org> >
> > Subject: RE: [EXTERNAL] [saag] About the "Draft text for a PQ
> > Maintenance WG"
> >
> >
> >
> > CAUTION: This email originated from outside of the organization. Do
> > not click links or open attachments unless you can confirm the sender
> > and know the content is safe.
> >
> >
> >
> > I find the concept of post-quantum *maintenance* very strange.
> >
> >
> >
> >
> >
> > _______________________________________________
> > saag mailing list
> > saag@ietf.org
> > https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> > ietf.org%2Fmailman%2Flistinfo%2Fsaag&amp;data=04%7C01%7Crmguthr%40uwe.
> > nsa.gov%7C654932872ddc4f843f7808da0cc51cae%7Cd61e9a6ffc164f848a3e6eeff
> > 33e136b%7C0%7C0%7C637836337995913584%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiM
> > C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;s
> > data=TjuCPc2ZfiBT39IBiWwjaalTum%2BdDTf8cdHV%2FQo4pN0%3D&amp;reserved=0
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
>
> https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsaag&amp;data=04%7C01%7Crmguthr%40uwe.nsa.gov%7C654932872ddc4f843f7808da0cc51cae%7Cd61e9a6ffc164f848a3e6eeff33e136b%7C0%7C0%7C637836337995913584%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=TjuCPc2ZfiBT39IBiWwjaalTum%2BdDTf8cdHV%2FQo4pN0%3D&amp;reserved=0
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>